set X-XSS-Protection headers to 0 in lighttpd.conf

Signed-off-by: Neill Wolf <neillawolf@gmail.com>
1 year ago · d245226053
parent a5d10a6256
commit d245226053
2 changed files with 2 additions and 2 deletions
--- a/advanced/lighttpd.conf.debian
+++ b/advanced/lighttpd.conf.debian
@ -90,7 +90,7 @@ $HTTP["url"] =~ "^/admin/" {
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "1; mode=block",
+        "X-XSS-Protection" => "0",
        "X-Content-Type-Options" => "nosniff",
        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
        "X-Permitted-Cross-Domain-Policies" => "none",
--- a/advanced/lighttpd.conf.fedora
+++ b/advanced/lighttpd.conf.fedora
@ -98,7 +98,7 @@ $HTTP["url"] =~ "^/admin/" {
    setenv.add-response-header = (
        "X-Pi-hole" => "The Pi-hole Web interface is working!",
        "X-Frame-Options" => "DENY",
-        "X-XSS-Protection" => "1; mode=block",
+        "X-XSS-Protection" => "0",
        "X-Content-Type-Options" => "nosniff",
        "Content-Security-Policy" => "default-src 'self' 'unsafe-inline';",
        "X-Permitted-Cross-Domain-Policies" => "none",